.NET 8.0 security update

2024-03-1400:00:00

linux.oracle.com

.net sdk 8.0.103

runtime 8.0.3

self-signed certificate

certificate chain

msbuild

rhel-25254

rhel-23936

unix

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

0.0005 Low

EPSS

Percentile

16.1%

JSON

[- 8.0.103-2.0.1]

Update to .NET SDK 8.0.103 and Runtime 8.0.3
Disable checking the signature of the last certificate in a chain if the certificate is supposedly self-signed.
Resolves: RHEL-25254
Backport MSBuild locale fix
Resolves: RHEL-23936

OSVersionArchitecturePackageVersionFilename
oracle linux9srcdotnet8.0< 8.0.103-2.0.1.el9_3dotnet8.0-8.0.103-2.0.1.el9_3.src.rpm
oracle linux9srcdotnet8.0< 8.0.103-2.0.1.el9_3dotnet8.0-8.0.103-2.0.1.el9_3.src.rpm
oracle linux9aarch64aspnetcore-runtime-8.0< 8.0.3-2.0.1.el9_3aspnetcore-runtime-8.0-8.0.3-2.0.1.el9_3.aarch64.rpm
oracle linux9aarch64aspnetcore-runtime-dbg-8.0< 8.0.3-2.0.1.el9_3aspnetcore-runtime-dbg-8.0-8.0.3-2.0.1.el9_3.aarch64.rpm
oracle linux9aarch64aspnetcore-targeting-pack-8.0< 8.0.3-2.0.1.el9_3aspnetcore-targeting-pack-8.0-8.0.3-2.0.1.el9_3.aarch64.rpm
oracle linux9aarch64dotnet-apphost-pack-8.0< 8.0.3-2.0.1.el9_3dotnet-apphost-pack-8.0-8.0.3-2.0.1.el9_3.aarch64.rpm
oracle linux9aarch64dotnet-host< 8.0.3-2.0.1.el9_3dotnet-host-8.0.3-2.0.1.el9_3.aarch64.rpm
oracle linux9aarch64dotnet-hostfxr-8.0< 8.0.3-2.0.1.el9_3dotnet-hostfxr-8.0-8.0.3-2.0.1.el9_3.aarch64.rpm
oracle linux9aarch64dotnet-runtime-8.0< 8.0.3-2.0.1.el9_3dotnet-runtime-8.0-8.0.3-2.0.1.el9_3.aarch64.rpm
oracle linux9aarch64dotnet-runtime-dbg-8.0< 8.0.3-2.0.1.el9_3dotnet-runtime-dbg-8.0-8.0.3-2.0.1.el9_3.aarch64.rpm

OS	Version	Architecture	Package	Version	Filename
oracle linux	9	src	dotnet8.0	< 8.0.103-2.0.1.el9_3	dotnet8.0-8.0.103-2.0.1.el9_3.src.rpm
oracle linux	9	src	dotnet8.0	< 8.0.103-2.0.1.el9_3	dotnet8.0-8.0.103-2.0.1.el9_3.src.rpm
oracle linux	9	aarch64	aspnetcore-runtime-8.0	< 8.0.3-2.0.1.el9_3	aspnetcore-runtime-8.0-8.0.3-2.0.1.el9_3.aarch64.rpm
oracle linux	9	aarch64	aspnetcore-runtime-dbg-8.0	< 8.0.3-2.0.1.el9_3	aspnetcore-runtime-dbg-8.0-8.0.3-2.0.1.el9_3.aarch64.rpm
oracle linux	9	aarch64	aspnetcore-targeting-pack-8.0	< 8.0.3-2.0.1.el9_3	aspnetcore-targeting-pack-8.0-8.0.3-2.0.1.el9_3.aarch64.rpm
oracle linux	9	aarch64	dotnet-apphost-pack-8.0	< 8.0.3-2.0.1.el9_3	dotnet-apphost-pack-8.0-8.0.3-2.0.1.el9_3.aarch64.rpm
oracle linux	9	aarch64	dotnet-host	< 8.0.3-2.0.1.el9_3	dotnet-host-8.0.3-2.0.1.el9_3.aarch64.rpm
oracle linux	9	aarch64	dotnet-hostfxr-8.0	< 8.0.3-2.0.1.el9_3	dotnet-hostfxr-8.0-8.0.3-2.0.1.el9_3.aarch64.rpm
oracle linux	9	aarch64	dotnet-runtime-8.0	< 8.0.3-2.0.1.el9_3	dotnet-runtime-8.0-8.0.3-2.0.1.el9_3.aarch64.rpm
oracle linux	9	aarch64	dotnet-runtime-dbg-8.0	< 8.0.3-2.0.1.el9_3	dotnet-runtime-dbg-8.0-8.0.3-2.0.1.el9_3.aarch64.rpm